[wp-trac] [WordPress Trac] #59234: Introduce a `wp_json_decode()` function, including validation when available
WordPress Trac
noreply at wordpress.org
Mon Aug 28 23:50:15 UTC 2023
#59234: Introduce a `wp_json_decode()` function, including validation when
available
-------------------------+-------------------------------
Reporter: jrf | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: 6.4
Component: General | Version: trunk
Severity: normal | Keywords: php83 needs-patch
Focuses: |
-------------------------+-------------------------------
From: https://core.trac.wordpress.org/ticket/59231:
> === [https://wiki.php.net/rfc/json_validate New json_validate()
function]
>
> This function is a high-performance way to validate json prior to
decoding it. This function cannot be polyfilled without a performance hit.
>
> However, due to the potential for using json for Denial-of-Service
attack vectors (via a HUGE file/stream), I would strongly recommend for WP
Core to start using this new function in all appropriate places wrapped
within an `if ( function_exists() ) {}`.
>
> The `json_decode()` function is used 44 times within `src` (excluding
external dependencies).
>
> We may want to consider introducing a `wp_json_decode()` function to
ensure the use of `json_validate()` (when available).
> This would then mirror the already existing
[https://developer.wordpress.org/reference/functions/wp_json_encode/
`wp_json_encode()`] function.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/59234>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list